Tech Insight: Employee Monitoring--Coming Soon To A Network Near You

More companies are monitoring and enacting policies to address employee Web and e-mail activity at work and off-hours

Social networking and Generation Y have had a profound impact on how companies perceive casual Web surfing by employees. The effects on security and productivity can have dire consequences for all involved -- everything from a little bad press to a major data breach and employee dismissal with possible civil and criminal action. This is why more companies are performing monitoring and enacting policies to address employee Web and e-mail activity at work and off-hours.

Companies are taking on Web monitoring for a number of legitimate reasons. On the corporate IT side, the concerns center around the increase of malware taking advantage of social networking sites and the potential of sensitive data being posted on a site they do not control. On the flip side, management is caught in a Catch-22 trying to increase productivity by blocking popular social networking sites while trying not to negatively affect Gen Y employees' likelihood to move onto a more "open" company.
The choice to monitor and filter Web content is not one that should be taken lightly. It forces management to make several critical decisions, like who will be responsible, the level of monitoring to put in place, and which sites and content are deemed inappropriate.
The chance of sensitive data leaking through social media or a workstation becoming infected with data stealing malware is not something companies want to risk. No one likes to consider themselves "big brother," but more and more companies are choosing to put the onus of monitoring and reporting of employee Web surfing activity onto IT -- a task most do not relish.
Seven percent of respondents to the InformationWeek 2010 Strategic Security Survey said they spend a great deal of time monitoring employee behavior. That doesn't sound like much, but the number of respondents who said they monitor is much higher. In 2010, the percentage of organizations jumps 8 percent -- to 73 percent who monitor employee behavior to reduce the use of inappropriate websites.
With nearly three-quarters of the survey's respondents focused on preventing access to inappropriate Web content, it's a little surprising that less than half were focused on increasing user productivity since that is the most common argument from management.

No matter the argument, the fact is that monitoring has become incredibly easy. The simplest method is to set up workstations to use a Web proxy through which all Web traffic must pass. The proxy can handle monitoring and filtering, and often includes content inspection for malware. Reports can be generated on-the-fly or e-mailed at a scheduled interval.

Whether your enterprise is concerned with security or productivity, the time to start monitoring and filtering content is here. The Web and content filtering market has matured beyond simple software on endpoints and appliances to cloud-based services requiring little up-front capital expense and reduced operating costs, making it a much more attractive offering than several years ago.

For e-mail and Web monitoring, most network-based content filtering solutions handle both and address filtering, monitoring, and even some basic data loss prevention. And with hosted security services including Web and e-mail filtering, there is less setup time to test out a cloud-based provider. It often consists of a quick change on the firewall, router, or a workstation.

Choosing the level of monitoring often makes security professionals a little squeamish. To make things easier and more palatable, the initial effort can be more focused on security risks and material generally categorized as offensive. Security risks include known malicious or infected sites and sites containing hacking tools. Offensive sites can vary, especially given the nature of the business, but it typically includes pornography, drugs, and violence.
The flexibility of modern monitoring solutions let enterprises choose just which categories of content to block. Beyond the common ones previously mentioned, organizations can choose to block social networking, political, shopping, file sharing, news, sports, religion, entertainment, and much more. Much of the decision-making will revolve around corporate culture and the personalities involved in choosing what should be blocked.

One statistic worth noting is that 55 percent of respondents to the InformationWeek survey said they monitor to reduce unauthorized attempts to access sensitive data. Unless those respondents' data is accessed through Web applications, they will need something beyond the typical Web and e-mail monitoring tools -- something in the realm of database activity monitoring or data loss prevention solution that can monitor and report on usage of sensitive data.
Whether you want to be big brother, employee monitoring is becoming commonplace, and blocking content is necessary to protect data, public image, and branding. Sometimes it can be used to the extreme, but when kept in check and reasonable policies are set forth, it can help prevent malware from ever being downloaded to a workstation from a malicious site.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Published: 2015-03-03Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.

Published: 2015-03-03** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none.

How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.